<?php
include("connection.php");
include("header.php");
?>
<form  name="form1" action="passwordchange.php?action=chage" method="post">
<table width="352" border="0" bgcolor="#FFD8B0">
  <tr>
 <td colspan="2" ><div align="center"><h2>password change </h2></div></td>
 </tr>
  <tr>
    <td width="152">first name </td>
    <td width="184"><label>
      <input type="text" name="fname">
    </label></td>
  </tr>
  <tr>
    <td>last name </td>
    <td><label>
      <input type="text" name="lname">
    </label></td>
  </tr>
  <tr>
    <td>Email</td>
    <td><label>
      <input type="text" name="email">
    </label></td>
  </tr>
  <tr>
    <td>Old password  </td>
    <td><label>
      <input type="password" name="password">
    </label></td>
  </tr>
 <tr>
    <td>New password </td>
    <td><label>
      <input type="password" name="npass">
    </label></td>
  </tr>
  <tr>
    <td> Conform new password </td>
    <td><label>
      <input type="password" name="n1pass">
    </label></td>
  </tr>
 
 <tr>
    <td height="51" colspan="2"><label>
      <div align="center">
        <input type="submit" name="Submit" value="change">
        </div>
    </label></td>
    </tr>
</table>
</form>

<?php
if($_GET['action']=="change")
{
echo $email=$_POST["email"];
echo $password=$_POST["password"];
echo $npass=$_POST["npass"];
$q=mysql_query("SELECT * FROM users WHERE email='".$email."'")or die(mysql_error());
	if(mysql_num_rows($q))
	{
		$row=mysql_fetch_array($q);
		 $db_password=$row['password'];
		
		
		
		if($password==$db_password)
		{
			
			
			
 mysql_query("UPDATE users SET 
  			     password='".$npass."' WHERE email='".$email."'")or die(mysql_error());

		}
		else {
		
		echo"pass is wrong";

			}

		
	}
	else
		{
			echo"email is wrong";

		}
}
include("footer.php");

?>
